A Building Automation and Control System (BACS) is deployed in commercial buildings to monitor and control the various intelligent systems in the building, such as HVAC (Heating, Ventilation and Air-Conditioning), safety, access and lighting systems. The BACS provides integrated control of these systems based on the energy, safety and user needs of the building. The control is realized using various controllers connected to an intelligent network of sensors (which report real-time status) and actuators (which perform real-time control). Users read the status from displays and change settings according to their preferences using switches. The BACS is configured and managed from a Supervisor attached to the building network, which enables precise definition of the behavior of the system under various circumstances. Additionally, the BACS can be controlled during operation from a back-end management server or through remote interfaces such as a web browser.
Traditionally, the various systems in a BACS have been independent, with different personnel in charge of the operation and maintenance of each system. However, with the advent of open wireless standards (such as ZigBee and Bluetooth) and IP based communication in building control networks, the barriers between the various systems are largely removed, and this creates a more closely integrated system. Integration at the functional level, leading to new functionality, has therefore become much simpler. However, it requires that the security of, and access to, each system can still be assured to that system's operational and maintenance owners.
Current trends in the field of BACS reveal that little work has been done on designing a BACS with adequate information security requirements taken into account. Presently, BACS security relies on physically isolating the systems from each other to prevent unauthorized access. In an integrated, open-standards based BACS that isolation no longer exists, which creates new requirements for access control (including authentication and authorization) on all services provided and consumed by the different intelligent building systems.
The proper flow of information in the BACS becomes a matter of concern when a security attack could cause unwanted consequences. These consequences range from a simple privacy breach (e.g. spying on the occupancy or temperature trends of a particular office room) to a life-threatening situation (e.g. a compromised ventilation system).
Access control mechanisms are well studied and widely applied in computer networks. However, such mechanisms cannot be applied directly to a BACS because of various constraints, for example: user-perceived delay in operation (e.g. the time between pressing a switch and a light responding); memory- and computationally-constrained devices; a potentially large number of devices in the system; shared low-throughput communication links; and possible emergency situations (such as fire).
An access control system for a BACS must therefore satisfy the following requirements: low-latency operation (to minimize user-perceived delay); a resource-efficient implementation (because devices are memory- and computationally-constrained); a scalable design (because of the large number of devices); communication efficiency (because the communication links are shared and of low throughput); and fault tolerance (because access decisions must still be made correctly in emergency situations).
A BACS is an example of a distributed system, and the current state of research in authorization for distributed systems can be divided into a centralized and a distributed approach to access control. Both approaches are briefly discussed below; for a more detailed discussion please see further below under the detailed description.
In the centralized approach a central decision point is a separate entity in the network. For each access control request between two devices the decision is made by this central decision point on the basis of context information. Here context means location, time, situation (emergency, normal, etc.), number of people in the room, environmental conditions (temperature, ventilation level, etc.) and any other information relevant to a particular access control decision. The centralized approach scales well in the number of devices that can be added to the network, since policies are stored and evaluated in one place; however it severely hinders efficiency, because every request, even a simple one such as a switch operating a light, requires a round trip to the decision point over the low-throughput links, and every decision depends on that single point being reachable.
In the distributed approach, the policies are stored and evaluated locally in the individual devices, without any centralized decision point. This reduces both the communication overhead and the latency. The problem with this type of authorization is that it does not scale, because the access control policies needed under the different contexts must be duplicated across the devices. Currently, devices such as the sensors and actuators used in a BACS do not have enough memory to store rules for all the relevant devices and users in the network.
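The following is an added example, not code from the original text, that makes the trade-off in the two preceding paragraphs concrete. It implements a small default-deny, context-aware policy evaluator and deploys the same rule set in both ways: behind a central decision point that every request must traverse over the shared link, and locally on each device under a fixed memory budget. All device names, rules, context fields and the per-rule memory budget are constructed for illustration and are assumptions, not part of the original page.

```python
"""Context-aware access control for a building automation network (added example).

The policy, device names and context fields below are constructed for
illustration; they are not taken from any real BACS product or standard.
"""
from dataclasses import dataclass
from typing import Callable, Dict, List

Context = Dict[str, object]


@dataclass(frozen=True)
class Rule:
    subject: str                           # requesting device or role
    resource: str                          # target device
    action: str                            # operation on the target
    condition: Callable[[Context], bool]   # context predicate that must hold


# Context predicates (hypothetical context fields: "situation", "hour").
def always(_: Context) -> bool:
    return True


def normal_hours(ctx: Context) -> bool:
    return ctx.get("situation") == "normal" and 6 <= int(ctx.get("hour", 0)) < 22


def emergency(ctx: Context) -> bool:
    return ctx.get("situation") == "emergency"


# Constructed policy set. Device identifiers are hypothetical.
POLICY: List[Rule] = [
    Rule("switch-101", "light-101", "set", always),
    Rule("occupant", "hvac-101", "setpoint", normal_hours),
    Rule("fire-panel", "hvac-101", "shutdown", emergency),
    Rule("supervisor", "hvac-101", "setpoint", always),
]


def decide(rules: List[Rule], subject: str, resource: str, action: str, ctx: Context) -> bool:
    """Default deny: permit only if a matching rule exists whose context predicate holds."""
    return any(
        r.subject == subject and r.resource == resource and r.action == action and r.condition(ctx)
        for r in rules
    )


class CentralDecisionPoint:
    """Centralized approach: one entity holds every rule; each request costs a round trip."""

    def __init__(self, rules: List[Rule]) -> None:
        self.rules = list(rules)
        self.link_messages = 0     # messages carried on the shared low-throughput link

    def authorize(self, subject: str, resource: str, action: str, ctx: Context) -> bool:
        self.link_messages += 2    # request to the decision point plus its reply
        return decide(self.rules, subject, resource, action, ctx)


class LocalDevice:
    """Distributed approach: the device stores only the rules naming it as resource,
    subject to a memory budget expressed as a maximum number of rules (an assumption)."""

    def __init__(self, name: str, rules: List[Rule], max_rules: int) -> None:
        mine = [r for r in rules if r.resource == name]
        if len(mine) > max_rules:
            raise MemoryError(f"{name}: {len(mine)} rules exceed budget of {max_rules}")
        self.name = name
        self.rules = mine

    def authorize(self, subject: str, action: str, ctx: Context) -> bool:
        # No network round trip: the decision is made from the local rule store.
        return decide(self.rules, subject, self.name, action, ctx)


def run_scenarios() -> Dict[str, object]:
    """Exercise both deployments on the same requests and report the outcomes."""
    normal = {"situation": "normal", "hour": 10}
    fire = {"situation": "emergency", "hour": 10}
    out: Dict[str, object] = {}

    pdp = CentralDecisionPoint(POLICY)
    out["central_switch_ok"] = pdp.authorize("switch-101", "light-101", "set", normal)
    out["central_occupant_in_fire"] = pdp.authorize("occupant", "hvac-101", "setpoint", fire)
    out["central_panel_in_fire"] = pdp.authorize("fire-panel", "hvac-101", "shutdown", fire)
    out["central_link_messages"] = pdp.link_messages    # 2 per request, even for the switch

    light = LocalDevice("light-101", POLICY, max_rules=1)
    out["local_switch_ok"] = light.authorize("switch-101", "set", normal)
    out["local_unknown_denied"] = light.authorize("guest-badge", "set", normal)
    try:
        LocalDevice("hvac-101", POLICY, max_rules=2)   # three rules target hvac-101
        out["hvac_fits_locally"] = True
    except MemoryError:
        out["hvac_fits_locally"] = False
    return out


if __name__ == "__main__":
    for key, value in run_scenarios().items():
        print(f"{key}: {value}")
```

The switch-to-light request shows the latency and communication cost of the centralized design (two link messages for a decision that needs no context at all), while the HVAC controller shows the scaling problem of the distributed design: once more rules name a device than its memory budget allows, the policy cannot be stored locally. The emergency context is what the fault-tolerance requirement is about; the same policy that admits the fire panel's shutdown during an emergency refuses the occupant's setpoint change, and it does so identically in both deployments.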